What's wrong with my log?

Post by Coeurenhiver » December 28th, 2010, 5:53 pm

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 21:34:59, on 28/12/2010
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.17037)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesApp32.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\sttray.exe
C:\Windows\System32\WLTRAY.EXE
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\ProgramData\Macrovision\FLEXnet Connect\6\ISUSPM.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Windows\system32\taskeng.exe
C:\Users\Hawkeyed\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\Gadu-Gadu 10\gg.exe
C:\Users\Hawkeyed\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Hawkeyed\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Hawkeyed\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Hawkeyed\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Hawkeyed\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Hawkeyed\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Hawkeyed\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Hawkeyed\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Hawkeyed\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\conime.exe
C:\Windows\system32\wuauclt.exe
C:\Users\Hawkeyed\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
C:\Users\Hawkeyed\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Hawkeyed\AppData\Local\Google\Chrome\Application\chrome.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.co.uk/ig/dell?hl=en&c ... bd=2070919
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/ig/dell?hl=en&c ... bd=2070919
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.co.uk/ig/dell?hl=en&c ... bd=2070919
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer provided by Dell
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=C:\Windows\system32\userinit.exe
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Winamp Toolbar BHO - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Programy\FlashGet\jccatch.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programy\Spybot - Search & Destroy\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\ievkbd.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Programy\FlashGet\getflash.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll
O3 - Toolbar: Foxit Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] sttray.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\Windows\system32\WLTRAY.exe
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKLM\..\Run: [dscactivate] c:\dell\dsca.exe 3
O4 - HKLM\..\Run: [ECenter] c:\dell\E-Center\EULALauncher.exe
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe"
O4 - HKLM\..\Run: [MSConfig] "C:\Windows\System32\msconfig.exe" /auto
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [ISUSPM] "C:\ProgramData\Macrovision\FLEXnet Connect\6\ISUSPM.exe" -scheduler
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\SideBar.exe /autoRun
O4 - HKCU\..\Run: [{F7224A20-A894-91C0-95B8-E67AF6285626}] C:\Users\Hawkeyed\AppData\Roaming\Ucih\mofoa.exe
O4 - Startup: OpenOffice.org 3.2.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
O4 - Global Startup: Device Detector 3.lnk = C:\Program Files\Olympus\DeviceDetector\DevDtct2.exe
O4 - Global Startup: QuickSet.lnk = ?
O8 - Extra context menu item: &Clean Traces - C:\Programy\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download All with FlashGet - C:\Programy\FlashGet\jc_all.htm
O8 - Extra context menu item: &Download with &DAP - C:\Programy\DAP\dapextie.htm
O8 - Extra context menu item: &Download with FlashGet - C:\Programy\FlashGet\jc_link.htm
O8 - Extra context menu item: &Winamp Toolbar Search - C:\ProgramData\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\ie_banner_deny.htm
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: Download &all with DAP - C:\Programy\DAP\dapextie2.htm
O8 - Extra context menu item: E&ksportuj do programu Microsoft Excel - res://C:\Programy\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: &Virtual Keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - (no file)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner - {85d1f590-48f4-11d9-9669-0800200c9a66} - (no file)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programy\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Programy\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Programy\FlashGet\FlashGet.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programy\Spybot - Search & Destroy\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programy\Spybot - Search & Destroy\Spybot - Search & Destroy\SDHelper.dll
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} -
O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} (Java Plug-in 1.6.0) -
O16 - DPF: {EFA7D1AF-C6FB-4BCB-8A7B-A1FE9825D0B3} (XQWebView Control) - http://darpat.dyndns.biz/WebControl.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{4363D2CC-B719-4492-8D68-CA5D706767E4}: NameServer = 93.188.162.136,93.188.160.16
O17 - HKLM\System\CCS\Services\Tcpip\..\{8481C46D-5ABD-4195-A22A-520E68567DD5}: NameServer = 93.188.162.136,93.188.160.16
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 93.188.162.136,93.188.160.16
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 93.188.162.136,93.188.160.16
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 93.188.162.136,93.188.160.16
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL,C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll,C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: Kaspersky Anti-Virus Service (AVP) - Kaspersky Lab ZAO - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: MBAMService - Unknown owner - (no file)
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Windows\system32\STacSV.exe
O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - TuneUp Software - C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\Windows\System32\WLTRYSVC.EXE
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 12687 bytes


Adobe AIR
Adobe AIR
Adobe Anchor Service CS3
Adobe Anchor Service CS4
Adobe Asset Services CS3
Adobe Bridge CS3
Adobe Bridge CS4
Adobe Bridge Start Meeting
Adobe Camera Raw 4.0
Adobe CMaps CS4
Adobe Color - Photoshop Specific
Adobe Color EU Extra Settings CS4
Adobe Color JA Extra Settings CS4
Adobe Color NA Recommended Settings CS4
Adobe CS4 American English Speech Analysis Models
Adobe Default Language CS4
Adobe Device Central CS3
Adobe Device Central CS4
Adobe Dynamiclink Support
Adobe Encore CS4
Adobe Encore CS4 Codecs
Adobe ExtendScript Toolkit 2
Adobe ExtendScript Toolkit CS4
Adobe Extension Manager CS4
Adobe Flash Player 10 Plugin
Adobe Fonts All
Adobe Help Viewer CS3
Adobe Linguistics CS3
Adobe Media Encoder CS4
Adobe Media Encoder CS4 Additional Exporter
Adobe Media Encoder CS4 Dolby
Adobe Media Encoder CS4 Exporter
Adobe Media Encoder CS4 Importer
Adobe Media Player
Adobe Media Player
Adobe OnLocation CS4
Adobe Output Module
Adobe PDF Library Files CS4
Adobe Photoshop CS3
Adobe Photoshop CS3
Adobe Photoshop Lightroom 3.2
Adobe Premiere Pro CS4
Adobe Premiere Pro CS4
Adobe Premiere Pro CS4
Adobe Premiere Pro CS4 Functional Content
Adobe Premiere Pro CS4 Third Party Content
Adobe Reader 9.4.1
Adobe Setup
Adobe Setup
Adobe Shockwave Player 11.5
Adobe Stock Photos CS3
Adobe Type Support CS4
Adobe Update Manager CS3
Adobe Update Manager CS4
Adobe Version Cue CS3 Client
Adobe WinSoft Linguistics Plugin
Adobe XMP Panels CS3
Adobe XMP Panels CS4
AdobeColorCommonSetRGB
Advance Split Machine v1.0
AGEIA PhysX v7.07.09
ALLPlayer V4.X
AOL Uninstaller (Choose which Products to Remove)
Apple Application Support
Apple Software Update
Archiwizator WinRAR
Ask Toolbar
Bonjour
Broadcom Management Programs
Buzzer Control 1.05
Capture One 4.6
Color Efex Pro 3.0 Complete
Conexant HDA D330 MDC V.92 Modem
CorelDRAW Graphics Suite 12
Dell Support Center
Dell System Customization Wizard
Dell Touchpad
Dell Wireless WLAN Card
DellSupport
Dfx for Adobe Photoshop
Dfx for Adobe Photoshop
Digital Line Detect
Download Accelerator Plus (DAP)
ESET Online Scanner v3
EuroPlus+ Angielski z Cambridge
EVEREST Home Edition v2.20
FlashGet 1.9.6.1073
Gadu-Gadu 10
Gadu-Gadu 7.7
GOM Player
Google Toolbar for Internet Explorer
Google Toolbar for Internet Explorer
Governor of Poker 2 Premium Edition v1.0 Multi
HiJackThis
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
ImgBurn
Java(TM) 6 Update 22
Java(TM) SE Runtime Environment 6
Kaspersky Internet Security 2011
Kaspersky Internet Security 2011
Last.fm 1.5.4.24567
livebox tp
Malwarebytes' Anti-Malware
MediaDirect
Microsoft .NET Framework 3.5 Language Pack - plk
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1
Microsoft Office Access MUI (Polish) 2007
Microsoft Office Enterprise 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (Polish) 2007
Microsoft Office Groove MUI (Polish) 2007
Microsoft Office InfoPath MUI (Polish) 2007
Microsoft Office OneNote MUI (Polish) 2007
Microsoft Office Outlook MUI (Polish) 2007
Microsoft Office PowerPoint MUI (Polish) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (German) 2007
Microsoft Office Proof (Polish) 2007
Microsoft Office Proofing (Polish) 2007
Microsoft Office Publisher MUI (Polish) 2007
Microsoft Office Shared MUI (Polish) 2007
Microsoft Office Word MUI (Polish) 2007
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Works
Miranda IM 0.7.19
Modem Diagnostic Tool
Mozilla Firefox (3.6.3)
Mroczne Wieki
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB941833)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
NapiProjekt 1.0.6.9
neroxml
NetWaiting
Olympus Digital Wave Player
OpenOffice.org 3.2
Opera 9.24
OutlookAddinSetup
Pakiet jezykowy programu Microsoft .NET Framework 3.5 — PLK
PDF Settings CS4
Photoshop Camera Raw
Picasa 3
Porrasturvat - Stair Dismount
PowerISO
ProtectDisc Helper Driver 10
QuickSet
QuickTime
Real Alternative 1.7.5
RealNetworks - Microsoft Visual C++ 2008 Runtime
RealPlayer
RealUpgrade 1.1
Roxio Creator Audio
Roxio Creator BDAV Plugin
Roxio Creator Copy
Roxio Creator Data
Roxio Creator DE
Roxio Creator Tools
Roxio Express Labeler
Roxio MyDVD DE
Roxio Update Manager
RTC Client API v1.2
Safari
save2pc Pro 3.43
screensaver_7000
SigmaTel Audio
Silver Efex Pro
Skype™ 3.8
Sonic Activation Module
SopCast 3.2.8
SpeedFan (remove only)
Spybot - Search & Destroy
Spybot - Search & Destroy 1.5.2.20
SubEdit - Vista WMP Patch
SubEdit-Player
Suite Shared Configuration CS4
TELL ME MORE
Total Commander (Remove or Repair)
TuneUp Utilities 2011
UltraISO Premium V9.3
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
URL Assistant
User's Guides
VCRedistSetup
Veetle TV 0.9.17
Viewpoint Media Player
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
Winamp
Winamp Remote
Winamp Toolbar
Windows Media Player Firefox Plugin
Xvid 1.2.1 final uninstall
YouTube Downloader 2.6

My browser (Chrome, Safari) is constantly redirecting me to websites I didn't look for. Kaspersky Internet Security 2011 cannot update its virus databases. Windows Update Installer cannot check for updates. I couldn't even download the KIS databases manually. And if I did it on another computer, when I try to update KIS from the local hard drive I get the message "License verification failed". My license has 350 days remaining. Every 5 seconds KIS shows me the report "Denied: http://sdlls.ru/uka/gfdsk.php".
I cannot run applications like CWShredder in administrator mode.

Please help.
Coeurenhiver
Active Member
 
Posts: 2
Joined: December 28th, 2010, 5:42 pm
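The log above is read by eye in this thread; as an added example of the detection side (this is not HijackThis's own code and not something posted in the thread), here is a small Python parser that reads HijackThis log lines and flags the three entry types at issue here. It goes a little beyond this one log: any O17 NameServer outside private ranges or an assumed allowlist, any O4 autorun whose value name is a bare GUID or whose target lives under the user's AppData, and any O16 CAB fetched from a host outside an assumed allowlist is reported. `ALLOWED_RESOLVERS`, `TRUSTED_DPF_HOSTS` and the sample log lines are constructed assumptions (the sample reuses a few entries from the log above plus two benign control lines).

```python
"""Flag the HijackThis entry types this thread turned on (O4, O16, O17).

Added example, not HijackThis code and not from the thread. The allowlists
below are assumptions a reviewer would tailor to the machine in question.
"""
import re
from dataclasses import dataclass
from ipaddress import ip_address
from urllib.parse import urlparse

# Assumed allowlist of public resolvers a home machine is expected to use;
# private (RFC 1918) router addresses are always accepted.
ALLOWED_RESOLVERS = frozenset({"8.8.8.8", "8.8.4.4"})
# Placeholder allowlist of hosts an O16 (Downloaded Program Files) CAB may
# come from; a real deployment lists its own vendor hosts here.
TRUSTED_DPF_HOSTS = frozenset({"update.example.com"})

O4_RE = re.compile(r"^O4 - (?P<hive>[^:]+): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
O16_RE = re.compile(r"^O16 - DPF: (?P<clsid>\{[^}]+\})(?: \((?P<title>[^)]*)\))? -\s*(?P<url>\S*)$")
O17_RE = re.compile(r"^O17 - (?P<key>\S+): NameServer = (?P<servers>.*)$")
GUID_RE = re.compile(r"^\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}$")
# Autorun targets under these user-writable paths deserve a second look.
USER_WRITABLE = ("\\appdata\\roaming\\", "\\appdata\\local\\temp\\")


@dataclass(frozen=True)
class Finding:
    kind: str    # HijackThis section: "O4", "O16" or "O17"
    line: str    # the log line as written
    reason: str  # why a reviewer should look at it


def analyse_hjt_log(text, allowed_resolvers=ALLOWED_RESOLVERS,
                    trusted_dpf_hosts=TRUSTED_DPF_HOSTS):
    """Return one Finding per suspicious O4/O16/O17 line, in log order."""
    findings = []
    for line in (l.strip() for l in text.splitlines()):
        if m := O4_RE.match(line):
            reasons = []
            if GUID_RE.match(m.group("name")):
                reasons.append("autorun value name is a bare GUID")
            if any(p in m.group("cmd").lower() for p in USER_WRITABLE):
                reasons.append("autorun target lives under the user's AppData")
            if reasons:
                findings.append(Finding("O4", line, "; ".join(reasons)))
        elif m := O16_RE.match(line):
            host = urlparse(m.group("url")).hostname or ""
            if host and host not in trusted_dpf_hosts:
                findings.append(Finding("O16", line, f"ActiveX CAB fetched from untrusted host {host}"))
        elif m := O17_RE.match(line):
            bad = []
            for raw in (s.strip() for s in m.group("servers").split(",")):
                if not raw:
                    continue
                try:
                    addr = ip_address(raw)
                except ValueError:
                    bad.append(raw)  # not even an IP address: worth a look
                    continue
                if not (addr.is_private or str(addr) in allowed_resolvers):
                    bad.append(str(addr))
            if bad:
                findings.append(Finding("O17", line, "resolvers outside the expected set: " + ", ".join(bad)))
    return findings


# Constructed sample in HijackThis v2 format: the third, fourth and fifth
# lines are taken from the log above; the R1, AVP and 192.168.1.1 lines are
# benign controls that must not be flagged.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe"
O4 - HKCU\..\Run: [{F7224A20-A894-91C0-95B8-E67AF6285626}] C:\Users\Hawkeyed\AppData\Roaming\Ucih\mofoa.exe
O16 - DPF: {EFA7D1AF-C6FB-4BCB-8A7B-A1FE9825D0B3} (XQWebView Control) - http://darpat.dyndns.biz/WebControl.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{4363D2CC-B719-4492-8D68-CA5D706767E4}: NameServer = 93.188.162.136,93.188.160.16
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 192.168.1.1
"""

if __name__ == "__main__":
    for f in analyse_hjt_log(SAMPLE_LOG):
        print(f"[{f.kind}] {f.reason}\n    {f.line}")
```

Run against the sample it reports exactly three lines: the GUID-named autorun into AppData\Roaming, the CAB from the dyndns host, and the O17 entry whose both resolvers fall outside the private ranges and the allowlist; the benign controls stay silent. A private resolver is accepted unconditionally because on a home network the router is the normal DNS forwarder, which is the one case a static allowlist cannot know in advance.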

Re: What's wrong with my log?

Post by askey127 » December 28th, 2010, 7:31 pm

Hi Coeurenhiver,
All your internet communication is being intercepted by a server in the Ukraine.
Because your System has not had recent updates successfully installed, we will check the system.
------------------------------------------------------
Warning - Compromised Data
Because the infection has had remote control access to all your Internet activities, you should assume that any data on it may have been stolen.
Take whatever precautions you think sensible about any financial (credit cards, banking, etc.), or other critical information that has been passed through or stored on the machine.
I would suggest changing all account names/numbers, and passwords for ANY accounts that have been used with the machine.
That includes not only banking, credit cards, and financial, but also website and e-mail accounts as well.
Don't use the infected machine to make the changes.
-----------------------------------------------------------
Remove Registry items with HijackThis. Start HijackThis. (Right-click and "Run as administrator" in Vista/Win7)
Click Do System Scan Only. When the Scan is complete, Check the following entries:
(Some of these lines may be missing)
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
F2 - REG:system.ini: UserInit=C:\Windows\system32\userinit.exe
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Programy\FlashGet\jccatch.dll
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Programy\FlashGet\getflash.dll
O3 - Toolbar: Foxit Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [MSConfig] "C:\Windows\System32\msconfig.exe" /auto
O8 - Extra context menu item: &Download All with FlashGet - C:\Programy\FlashGet\jc_all.htm
O8 - Extra context menu item: &Download with FlashGet - C:\Programy\FlashGet\jc_link.htm
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - (no file)
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Programy\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Programy\FlashGet\FlashGet.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{4363D2CC-B719-4492-8D68-CA5D706767E4}: NameServer = 93.188.162.136,93.188.160.16
O17 - HKLM\System\CCS\Services\Tcpip\..\{8481C46D-5ABD-4195-A22A-520E68567DD5}: NameServer = 93.188.162.136,93.188.160.16
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 93.188.162.136,93.188.160.16
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 93.188.162.136,93.188.160.16
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 93.188.162.136,93.188.160.16

Make sure every other window except HJT is closed (no other tabs showing in the bottom tray), and click Fix Checked.
Click the "X" in the upper right corner of the HiJackThis window to close it.
-----------------------------------------------------------
Remove Programs Using Control Panel
From Start, Settings, Control Panel or Start, Control Panel, click Add/Remove Programs.
Highlight each entry, as follows, one by one, if it exists, and choose Remove:
Ask Toolbar
FlashGet 1.9.6.1073
Java(TM) SE Runtime Environment 6

Take extra care in answering questions posed by any Uninstaller.
-----------------------------------------------------------
REBOOT (RESTART) Your Machine
---------------------------------------------
Run CKScanner
Download CKScanner from HERE
Important - Save it to your desktop.
Right-Click CKScanner.exe, choose Run as administrator and click Search For Files.
After a couple of minutes or less, when the cursor hourglass disappears, click Save List To File.
A message box will verify the file saved.
Double-click the CKFiles.txt icon on your desktop, give permission if asked, and copy/paste the contents in your next reply.
-----------------------------------------------------------
Download and Run a Diagnostic Tool (MGADiag.exe) from here and save this to your desktop.
http://go.microsoft.com/fwlink/?linkid=56062
* Double-click on MGADiag.exe
* When the program has finished, click on the Validation tab and then click on Copy to Clipboard.
* Please post the results in your next reply.

So we are looking for the results from CKScanner and the MGADIAG report.
Tell me how it went.
askey127
askey127
Admin/Teacher
 
Posts: 14025
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

Re: What's wrong with my log?

Post by Coeurenhiver » December 30th, 2010, 3:36 am

Thank you for your help.

HijackThis didn't fix the following entries:
F2 - REG:system.ini: UserInit=C:\Windows\system32\userinit.exe
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Programy\FlashGet\getflash.dll (file missing)
O3 - Toolbar: Foxit Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [MSConfig] "C:\Windows\System32\msconfig.exe" /auto
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - (no file)
O17 - HKLM\System\CCS\Services\Tcpip\..\{4363D2CC-B719-4492-8D68-CA5D706767E4}: NameServer = 93.188.162.136,93.188.160.16
O17 - HKLM\System\CCS\Services\Tcpip\..\{8481C46D-5ABD-4195-A22A-520E68567DD5}: NameServer = 93.188.162.136,93.188.160.16
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 93.188.162.136,93.188.160.16
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 93.188.162.136,93.188.160.16
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 93.188.162.136,93.188.160.16

I don't have Ask Toolbar in Add/Remove Programs.


CKScanner - Additional Security Risks - These are not necessarily bad
c:\users\hawkeyed\downloads\ebay\crackeddeskset_1-14.abr
c:\users\hawkeyed\downloads\ebay\crackeddeskset_1-14.zip
scanner sequence 3.ZZ.11
----- EOF -----


Diagnostic Report (1.7.0069.0):
-----------------------------------------
WGA Data-->
Validation Status: Genuine
Validation Code: 0
Online Validation Code: 0x0
Cached Validation Code: 0x0
Windows Product Key: *****-*****-4WD8X-M9WM7-CH4CG
Windows Product Key Hash: EkdqJZ28Y9zyrh7DU/lHNjTXlQY=
Windows Product ID: 89572-OEM-7332166-00096
Windows Product ID Type: 2
Windows License Type: OEM SLP
Windows OS version: 6.0.6000.2.00010300.0.0.002
CSVLK Server: N/A
CSVLK PID: N/A
ID: {CDCA1FC6-E1B2-4549-997A-71E42180EE5F}(1)
Is Admin: Yes
TestCab: 0x0
WGA Version: N/A, hr = 0x80070002
Signed By: N/A, hr = 0x80070002
Product Name: Windows Vista (TM) Home Basic
Architecture: 0x00000000
Build lab: 6000.vista_gdr.100218-0019
TTS Error: K:20100112195820941-M:20101205200239941-
Validation Diagnostic:
Resolution Status: N/A

WgaER Data-->
ThreatID(s): N/A, hr = 0x80070002
Version: 6.0.6002.16398

Notifications Data-->
Cached Result: N/A
File Exists: No
Version: N/A, hr = 0x80070002
WgaTray.exe Signed By: N/A, hr = 0x80070002
WgaLogon.dll Signed By: N/A, hr = 0x80070002

OGA Data-->
Office Status: 103 Blocked VLK
OGA Version: N/A, 0x80070002
Signed By: N/A, hr = 0x80070002
Office Diagnostics: FCEE394C-2920-80070002_025D1FF3-282-80041010_025D1FF3-170-80041010_025D1FF3-171-1_025D1FF3-434-80040154_025D1FF3-178-80040154_025D1FF3-179-2_025D1FF3-185-80070002_025D1FF3-199-3

Browser Data-->
Proxy settings: N/A
User Agent: Mozilla/4.0 (compatible; MSIE 7.0; Win32)
Default Browser: C:\Users\Hawkeyed\AppData\Local\Google\Chrome\Application\chrome.exe
Download signed ActiveX controls: Prompt
Download unsigned ActiveX controls: Disabled
Run ActiveX controls and plug-ins: Allowed
Initialize and script ActiveX controls not marked as safe: Disabled
Allow scripting of Internet Explorer Webbrowser control: Disabled
Active scripting: Allowed
Script ActiveX controls marked as safe for scripting: Allowed

File Scan Data-->

Other data-->
Office Details: <GenuineResults><MachineData><UGUID>{CDCA1FC6-E1B2-4549-997A-71E42180EE5F}</UGUID><Version>1.7.0069.0</Version><OS>6.0.6000.2.00010300.0.0.002</OS><Architecture>x32</Architecture><PKey>*****-*****-*****-*****-CH4CG</PKey><PID>89572-OEM-7332166-00096</PID><PIDType>2</PIDType><SID>S-1-5-21-2354503105-2788741585-2392720671</SID><SYSTEM><Manufacturer>Dell Inc.</Manufacturer><Model>Inspiron 1520 </Model></SYSTEM><BIOS><Manufacturer>Dell Inc.</Manufacturer><Version>A02</Version><SMBIOSVersion major="2" minor="4"/><Date>20070720000000.000000+000</Date></BIOS><HWID>F9323507018400FA</HWID><UserLCID>0809</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>GMT Standard Time(GMT+00:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM><OEMID>DELL </OEMID><OEMTableID>M08 </OEMTableID></OEM><BRT/></MachineData><Software><Office><Result>103</Result><Products><Product GUID="{90120000-0030-0000-0000-0000000FF1CE}"><LegitResult>103</LegitResult><Name>Microsoft Office Enterprise 2007</Name><Ver>12</Ver><Val>ACD7202654E586</Val><Hash>fFic3JgCreGGRxyF8uMWB4R4Jcg=</Hash><Pid>89388-707-1528066-65193</Pid><PidType>14</PidType></Product></Products></Office></Software></GenuineResults>

Spsys.log Content:
Coeurenhiver
Active Member
 
Posts: 2
Joined: December 28th, 2010, 5:42 pm

Re: What's wrong with my log?

Post by askey127 » December 30th, 2010, 6:29 am

-- Announcement --
This service is provided to you, without charge, by people who volunteer their own time to help.
There is an implied trust that you will respect that donated time, and provide all the information possible to bring the dialog to a successful conclusion.
If false information is provided, that trust is violated, and it is no longer the obligation of the volunteer to continue assistance.
This site will no longer help with this topic.

This Thread is Closed.
askey127
Admin/Teacher
 
Posts: 14025
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA